From bf4edb40561674d0f0b4bae1202691af294ab0af Mon Sep 17 00:00:00 2001
From: Nicolas Viennot
Date: Wed, 12 Jun 2013 01:28:01 -0400
Subject: [PATCH] Authenticating the server
---
 tmate-ssh-client.c | 61 ++++++++++++++++++++++++++++++++++++++++++----
 tmate.h | 6 ++++-
 2 files changed, 61 insertions(+), 6 deletions(-)
diff --git a/tmate-ssh-client.c b/tmate-ssh-client.c
index 497b7128..abc23fa3 100644
--- a/tmate-ssh-client.c
+++ b/tmate-ssh-client.c
@@ -71,6 +71,13 @@ static void consume_channel(struct tmate_ssh_client *client)
 
 static void on_session_event(struct tmate_ssh_client *client)
 {
+ ssh_key pubkey;
+ int key_type;
+ unsigned char *hash;
+ ssize_t hash_len;
+ char *hash_str;
+ int match;
+
 int verbosity = SSH_LOG_RARE;
 int port = TMATE_PORT;
 
@@ -94,10 +101,10 @@ static void on_session_event(struct tmate_ssh_client *client)
 }
 ssh_set_blocking(session, 0);
 
- ssh_options_set(session, SSH_OPTIONS_HOST, "localhost");
+ ssh_options_set(session, SSH_OPTIONS_HOST, TMATE_HOST);
 ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
 ssh_options_set(session, SSH_OPTIONS_PORT, &port);
- ssh_options_set(session, SSH_OPTIONS_USER, TMATE_HOST);
+ ssh_options_set(session, SSH_OPTIONS_USER, "tmate");
 ssh_options_set(session, SSH_OPTIONS_COMPRESSION, "yes");
 
 tmate_debug("Connecting...");
@@ -116,13 +123,57 @@ static void on_session_event(struct tmate_ssh_client *client)
 case SSH_OK:
 register_session_fd_event(client);
 tmate_debug("Connected");
- client->state = SSH_AUTH;
+ client->state = SSH_AUTH_SERVER;
 /* fall through */
 }
 
- /* TODO Authenticate server */
+ case SSH_AUTH_SERVER:
+ if ((hash_len = ssh_get_pubkey_hash(session, &hash)) < 0) {
+ tmate_debug("Cannnot authenticate server");
+ disconnect_session(client);
+ return;
+ }
 
- case SSH_AUTH:
+ hash_str = ssh_get_hexa(hash, hash_len);
+ if (!hash_str)
+ tmate_fatal("malloc failed");
+
+ if (ssh_get_publickey(session, &pubkey) < 0)
+ tmate_fatal("ssh_get_publickey");
+
+#ifdef DEVENV
+ match = 1;
+#else
+ key_type = ssh_key_type(pubkey);
+ switch (key_type) {
+ case SSH_KEYTYPE_DSS:
+ match = !strcmp(hash_str, TMATE_HOST_DSA_KEY);
+ break;
+ case SSH_KEYTYPE_RSA:
+ match = !strcmp(hash_str, TMATE_HOST_RSA_KEY);
+ break;
+ case SSH_KEYTYPE_ECDSA:
+ match = !strcmp(hash_str, TMATE_HOST_ECDSA_KEY);
+ break;
+ default:
+ match = 0;
+ }
+#endif
+
+ ssh_key_free(pubkey);
+ ssh_clean_pubkey_hash(&hash);
+ free(hash_str);
+
+ if (!match) {
+ tmate_debug("Cannnot authenticate server");
+ disconnect_session(client);
+ return;
+ }
+
+ client->state = SSH_AUTH_CLIENT;
+ /* fall through */
+
+ case SSH_AUTH_CLIENT:
 switch (ssh_userauth_autopubkey(session, NULL)) {
 case SSH_AUTH_AGAIN:
 return;
diff --git a/tmate.h b/tmate.h
index 46800aa5..3acabed4 100644
--- a/tmate.h
+++ b/tmate.h
@@ -69,6 +69,9 @@ extern void tmate_decoder_commit(struct tmate_decoder *decoder, size_t len);
 #else
 #define TMATE_HOST "tmate.io"
 #define TMATE_PORT 22
+#define TMATE_HOST_DSA_KEY "f5:26:31:c3:8a:78:6e:5c:77:74:0f:41:5b:5f:21:88"
+#define TMATE_HOST_RSA_KEY "af:2d:81:c1:fe:49:70:2d:7f:09:a9:d7:4b:32:e3:be"
+#define TMATE_HOST_ECDSA_KEY "c7:a1:51:36:d2:bb:35:4b:0a:1a:c0:43:97:74:ea:42"
 #endif
 
 typedef struct ssh_session_struct* ssh_session;
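Review bot: The server check at `case SSH_AUTH_SERVER:` pins the host key by the MD5 fingerprint that `ssh_get_pubkey_hash()` returns (16 bytes, matching the colon-hex values added to tmate.h); that call is libssh's deprecated interface, and since `pubkey` is fetched a few lines later anyway, deriving the fingerprint from it with `ssh_get_publickey_hash(pubkey, SSH_PUBLICKEY_HASH_SHA1, &hash, &hlen)` (which takes a `size_t` length; use a stronger hash type where the installed libssh offers one) would drop the MD5 dependency and collapse the two failure paths into one. The `#ifdef DEVENV` branch sets `match = 1` without looking at the key, so a development build accepts any server; a comment on that line, e.g. `/* DEVENV builds skip host-key verification entirely */`, makes that visible to whoever defines the flag. The two `"Cannnot authenticate server"` messages misspell "cannot". `on_session_event` begins and ends outside this hunk.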
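Review bot: The three new `TMATE_HOST_*_KEY` macros are undocumented, and nothing in the header says they are fingerprints rather than keys, what hash they use, or what produced them. A comment above the group such as `/* Fingerprints of the tmate.io host keys, one per key type, compared in tmate-ssh-client.c against the hash returned by ssh_get_pubkey_hash(); update these when the server keys are rotated. */` would cover that, naming the hash algorithm once it has been confirmed against the libssh version in use (the 16-byte length suggests MD5).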
@@ -78,7 +81,8 @@ enum tmate_ssh_client_state_types {
 SSH_NONE,
 SSH_INIT,
 SSH_CONNECT,
- SSH_AUTH,
+ SSH_AUTH_SERVER,
+ SSH_AUTH_CLIENT,
 SSH_OPEN_CHANNEL,
 SSH_BOOTSTRAP,
 SSH_READY,